Listing of the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (Currently Amended) A method for isolating a plurality of ports sharing a single virtual
local area network (VLAN) on a layer 2 switch, comprising: 

configuring each of said plurality of ports by a user on said layer 2 switch as a protected 
port or a non-protected port; 

matching a destination address on a data packet with a physical address on said layer 2 
switch, said data packet received by an ingress port; 

generating a forwarding map for said data packet based upon said destination address on 
said data packet; and 

sending said data packet to said plurality of ports pursuant to said forwarding map. 

2. (Original) The method of claim 1 wherein said generating step further comprises sending 
said data packet to each of said non-protected ports if said destination address is not matched 
with said physical address and said ingress port is a protected port. 

3. (Original) The method of claim 1 wherein said generating step further comprises sending 
said data packet to all of said plurality of ports if said destination address is not matched with 
said physical address and said ingress port is a non-protected port. 

4. (Original) The method of claim 1 wherein said generating step further comprises allowing
said data packet to be forwarded from one of said protected ports to each of said non-protected 
ports. 

5. (Original) The method of claim 1 wherein said generating step further comprises 
allowing said data packet to be forwarded between each of said non-protected ports. 

6. (Original) The method of claim 1 wherein said generating step further comprises 
prohibiting said data packet to be forwarded between each of said protected ports. 

7. (Original) The method of claim 1 wherein said generating step further comprises 
allowing said data packet to be forwarded between one of said non-protected ports to each of said 
protected ports. 

8. (Currently Amended) A program storage device readable by a machine, tangibly 
embodying a program of instructions executable by the machine to perform a method for 
isolating a plurality of ports sharing a single virtual local area network (VLAN) on a layer 2 
switch, said method comprising: 

configuring each of said plurality of ports by a user on said layer 2 switch as a protected 
port or a non-protected port; 

matching a destination address on a data packet with a physical address on said layer 2 
switch, said data packet received by an ingress port; 

generating a forwarding map for said data packet based upon said destination address on
said data packet; and 

sending said data packet to said plurality of ports pursuant to said forwarding map. 

9. (Currently Amended) An apparatus for isolating a plurality of ports sharing a single 
virtual local area network (VLAN) on a layer 2 switch, comprising:

a port configurer to configure said plurality of ports as a protected port or a non-protected
port;

an address table memory storing an address table, said address table having a destination 
address and port number pair; 

a forwarding map generator generating a forwarding map; and 

said forwarding map responsive to a destination address of a data packet so that the data 
packet is forwarded either to a port number paired with the destination address in said forwarding 
table, or if not so paired, said data packet is forwarded to each of said non-protected ports on said 
switch if an ingress port is protected or if said ingress port is non-protected, said data packet is 
forwarded to all of said plurality of ports. 

10. (Original) The apparatus of claim 9 wherein said incoming packet is forwarded from one 
of said non-protected ports to other non-protected ports. 

11. (Original) The apparatus of claim 9 wherein said data packet is forwarded from one of
said protected ports to each of said non-protected ports. 

12. (Original) The apparatus of claim 9 wherein said data packet is forwarded from one of
said non-protected ports to each of said protected ports. 

13. (Currently Amended) An apparatus for isolating a plurality of ports sharing a single 
virtual local area network (VLAN) on a layer 2 switch, comprising: 

means to configure each of said plurality of ports on said layer 2 switch as a protected or 
non-protected port; 

means to match a destination address on a data packet with a physical address on said 
layer 2 switch, said data packet received on an ingress port; 

means to generate a forwarding map for said data packet based upon said destination 
address on said data packet; and 

means to send said data packet to said plurality of ports pursuant to said forwarding map. 

14. (Original) The apparatus of claim 13 wherein said means to generate a forwarding map 
further comprises a means to forward said data packet to each of said non-protected ports if said 
destination address is not matched with said physical address and said ingress port is a protected 
port. 

15. (Original) The apparatus of claim 13 wherein said means to generate a forwarding map 
further comprises a means to forward said data packet to all of said plurality of ports if said 
destination address is not matched with said physical address and said ingress port is a
non-protected port.

16. (Original) The apparatus of claim 13 wherein said means to generate a forwarding map
further comprises a means to allow said data packet to be forwarded from one of said protected 
ports to each of said non-protected ports. 

17. (Original) The apparatus of claim 13 wherein said means to generate a forwarding map 
further comprises means to allow said data packet to be forwarded between each of said
non-protected ports.

18. (Original) The apparatus of claim 13 wherein said means to generate a forwarding map 
further comprises prohibiting said data packet to be forwarded between each of said protected 
ports. 

19. (Original) The apparatus of claim 13 wherein said means to generate a forwarding map 
further comprises allowing said data packet to be forwarded between one of said non-protected 
ports to each of said protected ports. 

20. (Currently Amended) A method for isolating a plurality of ports sharing a single virtual 
local area network (VLAN) on a layer 2 switch, comprising:

maintaining a state for each of said plurality of ports on said layer 2 switch as a protected
port or a non-protected port; 

matching a destination address on a data packet with a physical address on said layer 2 
switch, said data packet received by an ingress port; 

generating a forwarding map for said data packet based upon said destination address on
said data packet; and 

sending said data packet to said plurality of ports pursuant to said forwarding map. 

21. (Original) The method of claim 20 wherein said generating step further comprises 
sending said data packet to each of said non-protected ports if said destination address is not 
matched with said physical address and said ingress port is a protected port. 

22. (Original) The method of claim 20 wherein said generating step further comprises 
sending said data packet to all of said plurality of ports if said destination address is not matched 
with said physical address and said ingress port is a non-protected port. 

23. (Original) The method of claim 20 wherein said generating step further comprises 
allowing said data packet to be forwarded from one of said protected ports to each of said
non-protected ports.

24. (Original) The method of claim 20 wherein said generating step further comprises 
allowing said data packet to be forwarded between each of said non-protected ports. 

25. (Original) The method of claim 20 wherein said generating step further comprises 
prohibiting said data packet to be forwarded between each of said protected ports. 

26. (Original) The method of claim 20 wherein said generating step further comprises
allowing said data packet to be forwarded between one of said non-protected ports to each of said 
protected ports. 

27. (Currently Amended) A program storage device readable by a machine, tangibly 
embodying a program of instructions executable by the machine to perform a method for 
isolating a plurality of ports sharing a single virtual local area network (VLAN) on a layer 2 
switch, said method comprising: 

maintaining a state for each of said plurality of ports on said layer 2 switch as a protected 
port or a non-protected port; 

matching a destination address on a data packet with a physical address on said layer 2 
switch, said data packet received by an ingress port; 

generating a forwarding map for said data packet based upon said destination address on 
said data packet; and 

sending said data packet to said plurality of ports pursuant to said forwarding map. 

28. (New) An apparatus for isolating a plurality of ports sharing a single virtual local area
network (VLAN) on a layer 2 switch, comprising: 

means for maintaining a state for each of said plurality of ports on said layer 2 switch as a 
protected port or a non-protected port; 

means for matching a destination address on a data packet with a physical address on said 
layer 2 switch, said data packet received by an ingress port; 

means for generating a forwarding map for said data packet based upon said destination
address on said data packet; and 

means for sending said data packet to said plurality of ports pursuant to said forwarding
map.

29. (New) The apparatus of claim 28 wherein said means for generating further comprises 
means for sending said data packet to each of said non-protected ports if said destination address 
is not matched with said physical address and said ingress port is a protected port. 

30. (New) The apparatus of claim 28 wherein said means for generating further comprises 
means for sending said data packet to all of said plurality of ports if said destination address is 
not matched with said physical address and said ingress port is a non-protected port. 

31. (New) The apparatus of claim 28 wherein said means for generating further comprises
means for allowing said data packet to be forwarded from one of said protected ports to each of
said non-protected ports.

32. (New) The apparatus of claim 28 wherein said means for generating further comprises 
means for allowing said data packet to be forwarded between each of said non-protected ports. 

33. (New) The apparatus of claim 28 wherein said means for generating further comprises 
means for prohibiting said data packet to be forwarded between each of said protected ports. 

34. (New) The apparatus of claim 28 wherein said means for generating further comprises
means for allowing said data packet to be forwarded between one of said non-protected ports to 
each of said protected ports. 

35. (New) An apparatus for isolating a plurality of ports sharing a single virtual local area 
network (VLAN) on a layer 2 switch, comprising: 

a state maintenance module configured to maintain a state for each of said plurality of 
ports on said layer 2 switch as a protected port or a non-protected port; 

a destination address matching module coupled to said state maintenance module and 
configured to match a destination address on a data packet with a physical address on said layer 2 
switch, said data packet received by an ingress port; 

a forwarding map generator coupled to said destination address matching module; and 

a data packet sending module coupled to said forwarding map generator and configured 
to send said data packet to said plurality of ports pursuant to said forwarding map. 

36. (New) The apparatus of claim 35 wherein said forwarding map generator is configured to 
send said data packet to each of said non-protected ports if said destination address is not 
matched with said physical address and said ingress port is a protected port. 

37. (New) The apparatus of claim 35 wherein said forwarding map generator is configured to 
send said data packet to all of said plurality of ports if said destination address is not matched 
with said physical address and said ingress port is a non-protected port. 

38. (New) The apparatus of claim 35 wherein said forwarding map generator is further
configured to allow said data packet to be forwarded from one of said protected ports to each of 
said non-protected ports. 

39. (New) The apparatus of claim 35 wherein said forwarding map generator is further 
configured to allow said data packet to be forwarded between each of said non-protected ports. 

40. (New) The apparatus of claim 35 wherein said forwarding map generator is further 
configured to prohibit said data packet to be forwarded between each of said protected ports. 

41. (New) The apparatus of claim 35 wherein said forwarding map generator is further
configured to allow said data packet to be forwarded between one of said non-protected ports to 
each of said protected ports. 
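
The forwarding-map rules recited in claims 2 through 7 and in claim 9, worked through as an added example in C; this code is not part of the application or of any product it describes. Assumptions: the forwarding map is an egress bitmap, the 8-port layout, addresses and all names are constructed, a frame is never sent back out its ingress port, and the claim 6 prohibition is applied to matched destinations as well as to flooding.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_PORTS 8u                       /* constructed 8-port switch */
#define ALL_PORTS ((1u << NUM_PORTS) - 1u)

struct fdb_entry { uint8_t mac[6]; uint8_t port; };   /* address/port pair */

/* Constructed sample data: ports 1-3 protected, two learned addresses. */
static const uint32_t PROTECTED_MASK = 0x0Eu;
static const uint8_t MAC_A[6] = {0x02, 0, 0, 0, 0, 0x0A};  /* on port 2 (protected) */
static const uint8_t MAC_B[6] = {0x02, 0, 0, 0, 0, 0x0B};  /* on port 5 (non-protected) */
static const uint8_t MAC_X[6] = {0x02, 0, 0, 0, 0, 0x99};  /* not in the table */
static const struct fdb_entry FDB[] = {
    {{0x02, 0, 0, 0, 0, 0x0A}, 2},
    {{0x02, 0, 0, 0, 0, 0x0B}, 5},
};

/* Return the port paired with mac in the address table, or -1 if unmatched. */
static int fdb_lookup(const uint8_t mac[6])
{
    for (size_t i = 0; i < sizeof FDB / sizeof FDB[0]; i++)
        if (memcmp(FDB[i].mac, mac, 6) == 0)
            return FDB[i].port;
    return -1;
}

/* Build the egress bitmap (bit n = send on port n) for one frame. */
uint32_t forwarding_map(unsigned ingress, const uint8_t dst[6])
{
    if (ingress >= NUM_PORTS)
        return 0;
    uint32_t in_bit = 1u << ingress;
    int port = fdb_lookup(dst);
    /* Matched: the paired port only. Unmatched: every port is a candidate. */
    uint32_t map = (port >= 0) ? (1u << port) : ALL_PORTS;
    /* A frame from a protected ingress never reaches another protected port. */
    if (PROTECTED_MASK & in_bit)
        map &= ~PROTECTED_MASK;
    return map & ~in_bit;   /* assumption: never send back out the ingress port */
}

int main(void)
{
    printf("protected ingress, unknown dst:     0x%02X\n", (unsigned)forwarding_map(1, MAC_X));
    printf("non-protected ingress, unknown dst: 0x%02X\n", (unsigned)forwarding_map(0, MAC_X));
    printf("protected -> protected, known dst:  0x%02X\n", (unsigned)forwarding_map(1, MAC_A));
    return 0;
}
```

An empty map for the protected-to-protected case means the frame is dropped, which is the isolation property an operator would verify when auditing such a configuration.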